Release date: December 13, 2016
Vulnerability identifier: APSB16-45
CVE numbers: CVE-2016-7888, CVE-2016-7889
Platform: Windows, Macintosh and Android
|Adobe Digital Editions||4.5.2 and earlier versions||Windows, Macintosh and Android
Adobe categorizes this update with the following priority ratings and recommends users update their installation to the newest version:
- This update resolves a vulnerability that could lead to a memory address leak (CVE-2016-7888).
- This update resolves an issue associated with parsing crafted XML entities that could lead to information disclosure (CVE-2016-7889).
Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:
- Steven Seeley of Source Incite working with Trend Micro's Zero Day Initiative (CVE-2016-7888)
- Craig Arendt (CVE-2016-7889)